Reftab now offers automatic discovery of who has access to your SaaS platforms, and how often they utilize these platforms, by integrating with your Azure instance. In this guide, we’ll give you a step-by-step look at setting this integration up:
Azure Settings
Grant Permissions
Track Software Utilization
Create Certificate and Secret
Reftab Settings
Azure Settings
The first step in this process is to set up the initial application that Azure will use to integrate with Reftab.
This can be accomplished by logging into your Azure account (https://portal.azure.com), and then clicking on “Enterprise Applications” under “Azure services”.
If you do not see “Enterprise Applications”, then you will need to click the menu tree in the top left corner, and then click “All services”. Here you can search for “Enterprise Applications” and star the service so that it can be easily accessed from the landing page.
Once inside the Enterprise Applications page, click “New application”, then “Create your own application”. Give the application a name; something simple like “Reftab” will suffice. Ensure that “Integrate any other application you don’t find in the gallery (Non-gallery)” is checked. Then press “Create”.
After the application is created, take note of the “Application ID” under the “Properties” header on the page you have been brought to. This will be needed later on.
Grant Permissions
Next, the application needs to be granted permissions. To do so, navigate to “Permissions”, which can be found under “Security”. Then click on “app registration”. Next, click on “Add a permission”, and then select the “Microsoft Graph” API.
Select “Application permissions” when deciding the type of permission the application requires.
Next, filter by typing in the respective box and search for “Application”, expand the category, and check “Application.Read.All”.
Next, filter once again, this time for “User”. Scroll down until you locate the “User” category, expand the category, and check “User.Read.All”.
Once permissions have been added, click on “Grant admin consent for Default Directory”, then click “Yes” on the confirmation popup. Ensure the warning status turns green for both permission nodes once consent is granted.
Additional Permissions Required to Track Software Utilization
Additionally, if you want to take advantage of the new usage features our SaaS Discovery integrations offer, you will want to grant the application permission to read all audit log data. The permission node for this would be AuditLog.Read.All, as shown below:
Reftab’s new utilization feature streamlines the tracking of software usage, making it simple to identify underutilized software licenses. This allows for more efficient management of your licenses, ensuring you’re getting the most out of your investments. Additionally, the new login charts and columns provide detailed insights into user activity, helping you understand how frequently the software is being used.
You can learn more about the Okta and Azure SaaS utilization feature here!
Create Certificate and Secret
Next, create a new client secret by navigating to “Certificates & secrets” on the left-hand menu and clicking “New client secret”, then enter a short description; “Reftab” will be adequate. Set your expiration timeframe; the recommended default is 180 days. Then click “Add” to create the client secret.
Take note of the string under the “Value” column, as it will be needed later.
**This is the only time that this value will be visible**
Last, grab the OAuth 2.0 token endpoint (v2). This can be found by navigating to “Overview” on the same page, and clicking on “Endpoints”. The URL will be the second line item in the screenshot below. Take note of this, as it will also be needed in the next steps.
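With the token endpoint, Application ID and client secret collected, you can check that the app registration carries only the permissions granted in this guide. The Python below is an added example, not Reftab or Microsoft code: it builds the client-credentials request for the token endpoint and compares the token's roles claim against the guide's three permissions. The sample token in it is constructed for offline use, and the Graph ".default" scope is an assumption about how the token is requested.

```python
import base64
import json
import urllib.parse
import urllib.request

# Application permissions granted in this guide (AuditLog.Read.All is the optional one).
EXPECTED_ROLES = {"Application.Read.All", "User.Read.All", "AuditLog.Read.All"}

def build_token_request(token_endpoint, client_id, client_secret):
    """Build the client-credentials POST for the OAuth 2.0 token endpoint (v2)."""
    if not token_endpoint.startswith("https://"):
        raise ValueError("token endpoint must be https")
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,          # the Application ID noted earlier
        "client_secret": client_secret,  # the secret "Value" string
        "scope": "https://graph.microsoft.com/.default",
    }).encode()
    return urllib.request.Request(token_endpoint, data=body, method="POST")

def fetch_access_token(request):
    """Send the request; needs network access and your real values."""
    with urllib.request.urlopen(request, timeout=15) as resp:
        return json.load(resp)["access_token"]

def granted_roles(access_token):
    """Read the 'roles' claim from the JWT payload (diagnostic; signature is not verified)."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64 padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return set(claims.get("roles", []))

def audit_roles(access_token, expected=EXPECTED_ROLES):
    """Return (excess, missing): roles beyond the guide's set, and ones not yet consented."""
    roles = granted_roles(access_token)
    return sorted(roles - expected), sorted(expected - roles)

def constructed_token(roles):
    """Constructed sample token for offline runs; not issued by Azure."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"roles": roles}), "sig"])

if __name__ == "__main__":
    sample = constructed_token(["Application.Read.All", "User.Read.All", "Directory.ReadWrite.All"])
    print(audit_roles(sample))  # excess role first, then missing role
```

An empty first list means the application holds nothing beyond the read-only permissions in this guide; anything listed there is worth removing from the app registration before handing the secret to an integration.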
Reftab Settings
Now that things are set up on the Azure side, log into your Reftab account: https://www.reftab.com/login
Next, click on “Settings”, then “Integrations”, then finally click on “Configure” for Azure SaaS Discovery.
Now input your endpoint URL into the “Azure Oauth2 Token Endpoint” field. Then input your Application ID into the “Client ID” field, and last, input your client secret value into the “Client Secret” field. Next click “Save Azure Settings”. Then click “Refresh Azure Applications”. Your Azure application will now populate.
...and there you have it! You have successfully integrated Azure SaaS Discovery with Reftab! You can now create subsequent applications for each license you would like to have automatically assigned to users in Reftab.
For questions, email “[email protected]”